Squidclamav apparently isn't scanning

quicksilver

Squidclamav apparently isn't scanning

Post by quicksilver » April 21st, 2010, 11:06 am

My problem is that my Squidclamav doesn't seem to take care of viruses.

I was able to download all the test viruses.

Here are a few excerpts from the config etc.

Code:

# ps -ef | grep squidclamav
squid     2874  2744  0 12:07 ?        00:00:01 /usr/bin/squidclamav
squid     2885  2748  0 12:07 ?        00:00:00 /usr/bin/squidclamav
squid     2888  2747  0 12:07 ?        00:00:00 /usr/bin/squidclamav
squid     2889  2741  0 12:07 ?        00:00:04 /usr/bin/squidclamav
squid     2890  2746  0 12:07 ?        00:00:00 /usr/bin/squidclamav
squid     2892  2749  0 12:07 ?        00:00:00 /usr/bin/squidclamav
squid     2903  2743  0 12:07 ?        00:00:02 /usr/bin/squidclamav
squid     2905  2745  0 12:07 ?        00:00:01 /usr/bin/squidclamav
squid     2911  2750  0 12:07 ?        00:00:00 /usr/bin/squidclamav
squid     2916  2751  0 12:07 ?        00:00:00 /usr/bin/squidclamav
root     14644 12384  0 13:02 pts/0    00:00:00 grep squidclamav


Code:

ps -ef | grep clamd
root      8255     1  1 Apr20 ?        00:15:03 /usr/sbin/clamd
root     17900 12384  0 13:04 pts/0    00:00:00 grep clamd


Code:

 cat /var/ipfire/proxy/settings | grep clamav
#


Code:

cat /var/log/pakfire/install-squidclamav.log
stty: standard input: Inappropriate ioctl for device
Extracting files...
tar: The --preserve option is deprecated, use --preserve-permissions --preserve-order instead
etc/
etc/squidclamav.conf
srv/
srv/web/
srv/web/ipfire/
srv/web/ipfire/html/
srv/web/ipfire/html/clwarn.cgi
usr/
usr/bin/
usr/bin/squidclamav
var/
var/ipfire/
var/ipfire/backup/
var/ipfire/backup/addons/
var/ipfire/backup/addons/includes/
var/ipfire/backup/addons/includes/squidclamav
...Finished.
stty: standard input: Inappropriate ioctl for device
stty: standard input: Inappropriate ioctl for device
[  OK  ] Squid Proxy Server...
stty: standard input: Inappropriate ioctl for device
[  OK  ] Squid Proxy Server...


Code:

The config:

##squid_ip 127.0.0.1
##squid_port 800
proxy none
#
logfile /var/log/squidclamav.log
redirect http://127.0.0.1:81/clwarn.cgi
#
debug 2
stat 0
#
clamd_local /var/run/clamav/clamd
#clamd_ip 192.168.1.5
#clamd_port 3310
#
maxsize 5000000
maxredir 30
timeout 60
#trust_cache 1
#
# Do not scan standard HTTP images
abort ^.*\.(ico|gif|png|jpg)$
abortcontent ^image\/.*$
#
# Do not scan text and javascript files
abort ^.*\.(css|xml|xsl|js|html|jsp)$
abortcontent ^text\/.*$
abortcontent ^application\/x-javascript$
#
# Do not scan streaming videos
abortcontent ^video\/mp4$
abortcontent ^video\/x-flv$
#
# Do not scan pdf and flash
#abort ^.*\.(pdf|swf)$
#
# Do not scan sequence of framed Microsoft Media Server (MMS) data packets
abortcontent ^.*application\/x-mms-framed.*$
#
# White list some sites
whitelist .*\.clamav.net
~


There is no logfile :(
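
Which responses the posted config exempts from scanning can be checked offline. The following is an added example (not part of the original post and not SquidClamav's own code) that evaluates a request against the abort, abortcontent, whitelist and maxsize lines above. The matching order and semantics, the example.test URLs and the content types are assumptions.

```python
import re

# Active exemption lines from the squidclamav.conf posted above (excerpt).
POSTED_CONF = r"""
maxsize 5000000
abort ^.*\.(ico|gif|png|jpg)$
abortcontent ^image\/.*$
abort ^.*\.(css|xml|xsl|js|html|jsp)$
abortcontent ^text\/.*$
abortcontent ^application\/x-javascript$
abortcontent ^video\/mp4$
#abort ^.*\.(pdf|swf)$
abortcontent ^.*application\/x-mms-framed.*$
whitelist .*\.clamav.net
"""


def parse_rules(conf_text):
    """Collect the directives that exempt a response from scanning."""
    rules = {"whitelist": [], "abort": [], "abortcontent": [], "maxsize": 0}
    for line in conf_text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key == "maxsize":
            rules["maxsize"] = int(value)
        elif key in rules:  # '#abort' and blank lines are not keys, so skipped
            rules[key].append(re.compile(value.strip()))
    return rules


def scan_decision(rules, url, content_type, content_length=0):
    """Return 'scan', or the rule that lets the response bypass clamd."""
    checks = (("whitelist", url), ("abort", url), ("abortcontent", content_type))
    for directive, subject in checks:
        for rx in rules[directive]:
            if rx.search(subject):
                return "skip: %s %s" % (directive, rx.pattern)
    if rules["maxsize"] and content_length > rules["maxsize"]:
        return "skip: maxsize %d" % rules["maxsize"]
    return "scan"


RULES = parse_rules(POSTED_CONF)

if __name__ == "__main__":
    # Constructed requests; only the EICAR URL is quoted in the thread.
    for req in [("http://www.eicar.org/download/eicar.com", "application/octet-stream", 68),
                ("http://example.test/eicar.com.txt", "text/plain", 68),
                ("http://example.test/tool.zip", "application/zip", 6000000)]:
        print(req[0], "->", scan_decision(RULES, *req))
```

A test file served as text/plain, or any download above maxsize, is passed through without reaching clamd under these rules.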

Maniacikarus
Core Developer
Posts: 6210
Joined: February 24th, 2006, 10:35 am
Location: Nürnberg

Re: Squidclamav apparently isn't scanning

Post by Maniacikarus » April 21st, 2010, 11:25 am

/var/log/squidclamav.log doesn't exist?

Re: Squidclamav apparently isn't scanning

Post by quicksilver » April 21st, 2010, 11:32 am

No, unfortunately it doesn't exist. What could be the cause?

Re: Squidclamav apparently isn't scanning

Post by Maniacikarus » April 21st, 2010, 11:33 am

Please run /usr/bin/squidclamav on the console and see what it tells you.

Re: Squidclamav apparently isn't scanning

Post by quicksilver » April 21st, 2010, 11:45 am

Unfortunately not much comes out :(

Code:

# /usr/bin/squidclamav
SquidClamav v5.2 running in interactive mode
Wed Apr 21 13:43:34 2010 LOG SquidClamav v5.2 (PID 26259) started

Re: Squidclamav apparently isn't scanning

Post by Maniacikarus » April 21st, 2010, 11:51 am

Hm, is there a logfile now? Otherwise, if need be, point it at the config with a switch to make sure the config gets loaded, and then check again.

Important: when testing, also make sure the "test viruses" aren't already in the cache.

Re: Squidclamav apparently isn't scanning

Post by quicksilver » April 21st, 2010, 11:52 am

No, no log there :( :(

Code:

# /usr/bin/squidclamav -c /etc/squidclamav.conf
SquidClamav v5.2 running in interactive mode
Wed Apr 21 13:52:12 2010 LOG SquidClamav v5.2 (PID 10389) started


nothing either :(

Re: Squidclamav apparently isn't scanning

Post by Maniacikarus » April 21st, 2010, 12:20 pm

For testing:

Code:

For example, let's check slashdot:

   http://www.slashdot.org/ 192.168.1.3 mylog GET

As this site doesn't contains any virus :-) squidclamav simply return an empty
line. Now to test clamav antivir let's type the following entry:

   http://www.eicar.org/download/eicar.com 192.168.1.3 mylog GET

The result must be a redirection the clwarn.cgi as follow:

   Thu ... 2008 LOG Redirecting URL to: http://theproxy.com/cgi-bin/clwarn.cgi?url=http://www.eicar.org/download/eicar.com&source=192.168.1.3&user=mylog&virus=stream:+Eicar-Test-Signature+FOUND
   http://theproxy.com/cgi-bin/clwarn.cgi?url=http://www.eicar.org/download/eicar.com&source=192.168.1.3&user=mylog&virus=stream:+Eicar-Test-Signature+FOUND 192.168.1.3 mylog GET

This last line is the request returned to squid.
Type Ctrl+C to quit.



Just do an echo "Text"  | /usr/bin/squidclamav

Re: Squidclamav apparently isn't scanning

Post by Maniacikarus » April 21st, 2010, 4:13 pm

I just tried it on my system, admittedly with 5.3 from the testing tree, but that one works so far.

Code:

SquidClamAv Virus detection   
Eicar-Test-Signature found
Access to the requested page has been denied
URL: http://www.eicar.org/download/eicar.com


By the way, nothing gets logged here either; I'll have to look at that again, but it should work.

Yoni-Priester
Posts: 34
Joined: August 13th, 2013, 9:15 pm

Re: Squidclamav apparently isn't scanning

Post by Yoni-Priester » July 29th, 2017, 7:28 am

I have this problem too,
with the following error message:

Code:

Sat Jul 29 09:26:57 2017 DEBUG Invalid input buffer, aborting:
BH message="Invalid input buffer"

I also have a logfile:

Code:

[root@Router ~]# mc
squidclamav.log    [BM--] 87 L:[236+38 274/328] *(48152/52128b) 0010 0x00A                                                                                                                                                              [*][X]
Sat Jul 29 00:02:06 2017 [2663] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:06 2017 [2663] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:06 2017 [2827] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:06 2017 [2827] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:07 2017 [2663] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:07 2017 [2663] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:18 2017 [2663] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:18 2017 [2663] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:18 2017 [2827] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:18 2017 [2827] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:18 2017 [2663] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:18 2017 [2663] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:02 2017 [2924] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:02 2017 [2924] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:02 2017 [2663] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:02 2017 [2663] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:02 2017 [2663] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:02 2017 [2663] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:02 2017 [2827] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:02 2017 [2827] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:02 2017 [2663] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:02 2017 [2663] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:03 2017 [2663] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:03 2017 [2663] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:03 2017 [2827] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:03 2017 [2827] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:03 2017 [2663] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:03 2017 [2663] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:06 2017 [2663] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:06 2017 [2663] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:06 2017 [2827] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:06 2017 [2827] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:07 2017 [2663] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:07 2017 [2663] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:18 2017 [2663] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:18 2017 [2663] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:18 2017 [2827] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:18 2017 [2827] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 00:02:18 2017 [2663] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.
Sat Jul 29 00:02:18 2017 [2663] ERROR Can't connect to Clamd daemon, fallback to Squid.
Sat Jul 29 07:48:42 2017 [19574] LOG SquidClamav v5.11 (PID 19574) started
Sat Jul 29 07:48:42 2017 [19576] LOG SquidClamav v5.11 (PID 19576) started
Sat Jul 29 07:48:42 2017 [19578] LOG SquidClamav v5.11 (PID 19578) started
Sat Jul 29 07:48:42 2017 [19580] LOG SquidClamav v5.11 (PID 19580) started
Sat Jul 29 07:48:43 2017 [19582] LOG SquidClamav v5.11 (PID 19582) started
Sat Jul 29 07:48:43 2017 [19584] LOG SquidClamav v5.11 (PID 19584) started
Sat Jul 29 07:48:43 2017 [19587] LOG SquidClamav v5.11 (PID 19587) started
Sat Jul 29 07:48:43 2017 [19588] LOG SquidClamav v5.11 (PID 19588) started
Sat Jul 29 07:48:43 2017 [19590] LOG SquidClamav v5.11 (PID 19590) started
Sat Jul 29 07:48:43 2017 [19592] LOG SquidClamav v5.11 (PID 19592) started
Sat Jul 29 07:48:43 2017 [19596] LOG SquidClamav v5.11 (PID 19596) started
Sat Jul 29 07:48:43 2017 [19594] LOG SquidClamav v5.11 (PID 19594) started
Sat Jul 29 07:48:43 2017 [19598] LOG SquidClamav v5.11 (PID 19598) started
Sat Jul 29 07:48:43 2017 [19601] LOG SquidClamav v5.11 (PID 19601) started
Sat Jul 29 07:48:43 2017 [19604] LOG SquidClamav v5.11 (PID 19604) started
Sat Jul 29 07:48:43 2017 [19603] LOG SquidClamav v5.11 (PID 19603) started
Sat Jul 29 07:48:43 2017 [19606] LOG SquidClamav v5.11 (PID 19606) started
Sat Jul 29 07:48:43 2017 [19608] LOG SquidClamav v5.11 (PID 19608) started
Sat Jul 29 07:48:43 2017 [19610] LOG SquidClamav v5.11 (PID 19610) started
Sat Jul 29 07:48:43 2017 [19612] LOG SquidClamav v5.11 (PID 19612) started
Sat Jul 29 07:48:43 2017 [19615] LOG SquidClamav v5.11 (PID 19615) started
Sat Jul 29 07:48:43 2017 [19616] LOG SquidClamav v5.11 (PID 19616) started
 1Help                  2Save                   3Mark                   4Replac                 5Copy                   6Move                  7Search                 8Delete                 9PullDn                10Quit
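
Each "fallback to Squid" entry in the log above is read here as a request handed back to Squid without a scan because the clamd socket was unreachable. The following is an added example (not part of the original post, not SquidClamav code) that counts those events per helper PID and also splits entries fused onto one line, as happens once in the paste. The sample lines are constructed in the same v5.11 format, and the fail-open reading of the message is an assumption based on its wording.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the log format shown above; the second and third
# entries are fused onto one line, as happens once in the pasted log.
SAMPLE_LOG = (
    "Sat Jul 29 00:02:06 2017 [2663] ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.\n"
    "Sat Jul 29 00:02:06 2017 [2663] ERROR Can't connect to Clamd daemon, fallback to Squid."
    "Sat Jul 29 00:02:18 2017 [2827] ERROR Can't connect to Clamd daemon, fallback to Squid.\n"
    "Sat Jul 29 00:02:19 2017 [2663] ERROR Can't connect to Clamd daemon, fallback to Squid.\n"
    "Sat Jul 29 07:48:42 2017 [19574] LOG SquidClamav v5.11 (PID 19574) started\n"
)

STAMP = r"\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}"
ENTRY = re.compile(r"^(" + STAMP + r") \[(\d+)\] (\w+) (.*)$")
FUSED = re.compile(r"(?<=\.)(?=" + STAMP + r" \[)")  # entry boundary inside a line


def fail_open_report(text):
    """Count requests handed back to Squid unscanned because clamd was down."""
    per_pid, first, last = Counter(), None, None
    for raw in text.splitlines():
        for entry in FUSED.split(raw):
            m = ENTRY.match(entry)
            if not m or m.group(3) != "ERROR" or "fallback to Squid" not in m.group(4):
                continue
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            per_pid[int(m.group(2))] += 1
            first = ts if first is None or ts < first else first
            last = ts if last is None or ts > last else last
    return {"unscanned": sum(per_pid.values()), "per_pid": dict(per_pid),
            "first": first, "last": last}


if __name__ == "__main__":
    report = fail_open_report(SAMPLE_LOG)
    print("%(unscanned)d requests passed unscanned between %(first)s and %(last)s" % report)
    for pid, count in sorted(report["per_pid"].items()):
        print("  helper PID %d: %d" % (pid, count))
```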
